<?php

require_once ABSPATH . '/system/sql.php';

$sql_link = MySQL::getInstance();


$identity = $GLOBALS['user_identity'];

//检测权限
if($identity != 'admin' && $identity != 'teacher'){
    require_once __DIR__.'/403.php';
    return;
}

//获取列表
if(isset($_GET['page']) && isset($_GET['size'])){
    $page = $_GET['page'];
    $size = $_GET['size'];

    $res = $sql_link->prepare('SELECT users.username, users.name, user_infos.sex, user_infos.institute, user_infos.speciality,
    user_infos.class, user_infos.phone_mac, user_infos.pc_mac FROM users, user_infos WHERE users.identity ="student" AND users.id = user_infos.user_id');
    $res->execute();
    $students_data = $res->fetchAll(PDO::FETCH_ASSOC);

    $ret = array(
        'code' => 200,
        'msg' => 'ok',
        "count"=> count($students_data),
        "data"=> array_slice($students_data, ($page-1)*$size,$size)
    );
}else{
    $_POST['phone_mac'] = strtolower($_POST['phone_mac']);
    $_POST['pc_mac'] = strtolower($_POST['pc_mac']);
    if($_POST['action'] == 'add'){
        $res = $sql_link->prepare('SELECT id FROM users WHERE username =:username');
        $res->bindParam(':username',$_POST['username']);
        $res->execute();
        $data = $res->fetchAll(PDO::FETCH_ASSOC);
        if(count($data) > 0){
            $ret = array(
                'code' => 200,
                'msg' => '用户名已存在',
            );
        }else{
            $res = $sql_link->prepare('INSERT INTO users (username, name,identity) VALUE (:username,:name,"student")');
            $res->bindParam(':username',$_POST['username']);
            $res->bindParam(':name',$_POST['name']);
            $res->execute();

            $res = $sql_link->prepare('INSERT INTO user_infos (user_id, sex, institute, speciality,class,phone_mac,pc_mac)
             VALUE (last_insert_id(),:sex,:institute,:speciality,:class,:phone_mac,:pc_mac)');
            $res->bindParam(':sex',$_POST['sex']);
            if($_POST['sex'] != '男' && $_POST['sex'] != '女'){
                $_POST['sex'] = '未知';
            }
            $res->bindParam(':institute',$_POST['institute']);
            $res->bindParam(':speciality',$_POST['speciality']);
            $res->bindParam(':class',$_POST['class']);
            $res->bindParam(':phone_mac',$_POST['phone_mac']);
            $res->bindParam(':pc_mac',$_POST['pc_mac']);
            $res->execute();
            $ret = array(
                'code' => 200,
                'msg' => 'ok',
            );
        }

    }else if($_POST['action'] == 'mod'){
        $res = $sql_link->prepare('UPDATE users, user_infos SET users.name = :name, user_infos.sex = :sex,
        user_infos.institute = :institute, user_infos.speciality = :speciality, user_infos.class = :class, user_infos.phone_mac =:phone_mac,
        user_infos.pc_mac = :pc_mac WHERE users.username = :username AND users.id = user_infos.user_id');
        $res->bindParam(':username',$_POST['username']);
        $res->bindParam(':name',$_POST['name']);
        $res->bindParam(':sex',$_POST['sex']);
        $res->bindParam(':institute',$_POST['institute']);
        $res->bindParam(':speciality',$_POST['speciality']);
        $res->bindParam(':class',$_POST['class']);
        $res->bindParam(':phone_mac',$_POST['phone_mac']);
        $res->bindParam(':pc_mac',$_POST['pc_mac']);
        $res->execute();
        $ret = array(
            'code' => 200,
            'msg' => 'ok',
        );
    }else if($_POST['action'] == 'del'){
        $usernames = explode(',', rtrim($_POST['usernames'], ','));
        $len = count($usernames);
        $str = 'DELETE FROM users WHERE username IN(';
        for($i=0;$i<$len;$i++)
        {
            $str.='?,';
        }
        $str = rtrim($str, ',');
        $str = $str.') AND identity="student"';
        $res = $sql_link->prepare($str);
        $index = 1;
        foreach($usernames as $username){
            $res->bindValue($index,$username);
            $index ++;
        }
        $res->execute();

        $ret = array(
            'code' => 200,
            'msg' => 'ok',
        );
    }else if($_POST['action'] == 'mov'){
        if($identity != 'admin'){
            require_once __DIR__.'/403.php';
            return;
        }

        $usernames = explode(',', rtrim($_POST['usernames'], ','));
        $len = count($usernames);
        $str = 'UPDATE users SET identity="student" WHERE username IN(';
        for($i=0;$i<$len;$i++)
        {
            $str.='?,';
        }
        $str = rtrim($str, ',');
        $str = $str.')';
        $res = $sql_link->prepare($str);
        $index = 1;
        foreach($usernames as $username){
            $res->bindValue($index,$username);
            $index ++;
        }
        $res->execute();

        $ret = array(
            'code' => 200,
            'msg' => 'ok',
        );
    }
}
echo json_encode($ret);

/*
{
	"code": 200,
	"msg": "ok",
	"count":100,
	"data": [{
        "username":"3151909131",
        "name":"李鹏",
        "sex":"男",
        "institute":"信息科学与工程学院",
        "speciality":"通信工程",
        "class":"1501",
        "phone_mac":"00:00:00:00:00:00",
        "pc_mac":""
    },{
        "username":"3151909119",
        "name":"李超",
        "sex":"男",
        "institute":"信息科学与工程学院",
        "speciality":"通信工程",
        "class":"1501",
        "phone_mac":"00:00:00:00:00:00",
        "pc_mac":""
    },{
        "username":"3151909119",
        "name":"林中奇",
        "sex":"男",
        "institute":"信息科学与工程学院",
        "speciality":"通信工程",
        "class":"1501",
        "phone_mac":"00:00:00:00:00:00",
        "pc_mac":""
    }]
}*/